Security threats in 2008

One security vendor has labelled smarter botnets and attacks targeting Web 2.0 sites as the two most serious threats facing users this year. The vendor predicts that Web 2.0 sites offering everything from consumer social networking to business relationship management could prove an easy form of attack. Therefore these sites are likely to be increasingly used by cybercriminals to distribute malware or steal volumes of data.

Botnets will also continue to grow as a threat in 2008. Various versions of the Storm Worm represented the biggest single threat in 2007 and the Storm worm set a precedent of how botnets are expected to develop in 2008, spreading thousands of malware variants to infect PCs and expand the botnet networks.

According to another security vendor, mobile devices will become prime targets in 2008, largely because connectivity via channels like Wi-Fi, GPRS and Bluetooth will continue to allow opportunities for malware applications to steal sensitive data.

Target: iPhone

Especially Apple's vastly popular iPhone is predicted to become a major target. According to experts, assaults are likely to be in the form of drive-by attacks – malware embedded into seemingly harmless information, images or other media that actually perform dangerous actions when rendered on the iPhone's web browser. Warnings of the first iPhone Trojan ever discovered in the wild were made public on January 5.

Windows Vista has not been a big target for hackers so far, but according to experts that will all change in 2008, as the operating system climbs past the 10 percent market-share milestone. The experts believe that Vista has gotten off easy its first year because hackers go after common environments. But as adoption figures for Vista increase, malware authors will really start to find flaws and Vista will become a major target. More than 40 vulnerabilities are predicted in Windows Vista this year.

IM attacks on the rise

Attackers are also likely to focus on instant messaging. Malware spreads fast through instant messaging because attackers have a pre-existing list of targets in the address book and can automate attacks so a carrier does not know it is infected. In 2007 there were 10 high-severity instant messaging risks, compared to none in 2006. This trend will continue in 2008.

Some experts foresee that phishers will shift focus to small, un-prepared transaction sites, rather than maintaining target on banking sites. Banks have generally increased their layers of protection and therefore smaller e-commerce sites are likely to become new targets.